CVE-2020-15095 @ Npm-npm-3.10.10

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2020-15095) about CVE-2020-15095
**Checkmarx Project:** [cx\-boris\-goman/AutoPR](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/overview?branch=kid)
**Repository URL:** [https://github.com/cx\-boris\-goman/AutoPR](https://github.com/cx-boris-goman/AutoPR)
**Branch:** kid
**Scan ID:** [bfaa74de\-6358\-4edb\-a528\-1d669bc0863c](https://rel-candidate.perf.cxast.net/projects/4f3b5075-3c86-4854-8fd3-efd609980d39/scans?id=bfaa74de-6358-4edb-a528-1d669bc0863c&branch=kid)


----
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.





----
**Additional Info**
**Attack vector:** LOCAL
**Attack complexity:** HIGH
**Confidentiality impact:** HIGH
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 6.14.6


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-15095 @ Npm-npm-3.10.10 #398

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2020-15095 @ Npm-npm-3.10.10 #398

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions